Many client applications resident on a device, such as a mobile phone or a desktop computer, need access to a user's or a network's protected data or resources. The problem for the resource owner (e.g., the user or network) is whether the resource owner can trust the client application requesting access to the data or resources.